Download Raw Diff

Details

Reviewers

delcypher
kubamracek

Commits

rGb16dfbead21a: [Darwin] Fix OS version checks inside simulators

Summary

compiler-rt checks OS versions by querying the Darwin kernel version.
This is not necessarily correct inside the simulators if the simulator
runtime is not aligned with the host macOS.

Note that we still use the old code path as a fallback in case the
SIMULATOR_RUNTIME_VERSION environment variable isn't set.

rdar://63031937

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	150 ms	cfi-devirt-lld-thinlto-x86_64.cfi-devirt-lld-thinlto-x86_64::Unknown Unit Message ("")
	130 ms	cfi-devirt-lld-thinlto-x86_64.cfi-devirt-lld-thinlto-x86_64::Unknown Unit Message ("")
	100 ms	cfi-devirt-lld-thinlto-x86_64.cfi-devirt-lld-thinlto-x86_64::Unknown Unit Message ("")
	120 ms	cfi-devirt-lld-thinlto-x86_64.cfi-devirt-lld-thinlto-x86_64::Unknown Unit Message ("")
	90 ms	cfi-devirt-lld-thinlto-x86_64.cfi-devirt-lld-thinlto-x86_64::Unknown Unit Message ("")
		View Full Test Results (112 Failed)

Event Timeline

yln created this revision.May 14 2020, 6:55 PM

Herald added a project: Restricted Project. · View Herald TranscriptMay 14 2020, 6:55 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

yln added a parent revision: D79970: [Darwin] Improve runtime OS version checks.May 14 2020, 6:56 PM

yln mentioned this in D79965: [Darwin] Add and adopt a way to query for the Darwin kernel version.May 14 2020, 7:03 PM

Harbormaster failed remote builds in B56813: Diff 264137!May 14 2020, 7:35 PM

I don't think calling os_system_version_get_current_version is safe.

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
645	Calling this potentially unsafe. For the simulators this function appears to call `asprintf()` (which mallocs) and `free()` which means we can't use this function during ASan/TSan's init. This would mean we couldn't do version checks during init which sounds like something we'd want to do. Libxpc appears to implement this function by looking at `IPHONE_SIMULATOR_ROOT` in the environment and then reading a plist file rooted at that path. Reimplementing that sounds painful. Instead we could just try to parse the `SIMULATOR_RUNTIME_VERSION` environment variable if its set.

This revision now requires changes to proceed.May 20 2020, 7:01 PM

delcypher added inline comments.May 20 2020, 7:05 PM

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
619	I'm not a huge fan of macros. Given that we only need to do this stuff inside `GetMacosAlignedVersionInternal` can we just do this without them?

Don't call os_system_version_get_current_version(), but check SIMULATOR_RUNTIME_VERSION env var instead.

Switched to checking the SIMULATOR_RUNTIME_VERSION env var. If it doesn't exist (which should never happen?!) we fallback to the old code path which approximates the simulator runtime version by querying the kernel version. Should we fail here instead?

If SIMULATOR_RUNTIME_VERSION is mis-formatted/lying we are out of luck: we simple interpret what's there. I think this is okay.

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
645	Just to make sure I understand: we are not allowed to call anything that allocates during initialization of the sanitizers?

yln edited the summary of this revision. (Show Details)Jun 4 2020, 1:11 PM

yln marked an inline comment as done.

yln added inline comments.

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
619	Trying to avoid macros/#ifdefs. Using constexpr instead.

Cleanup test code.

yln marked an inline comment as done.Jun 4 2020, 1:22 PM

yln added inline comments.

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
633	Print warning and fallback. Should we error out instead?

yln added a child revision: D81197: [Darwin] Cleanup code via improved GetMacosAlignedVersion().Jun 4 2020, 3:14 PM

Harbormaster failed remote builds in B59135: Diff 268570!Jun 4 2020, 4:04 PM

Harbormaster failed remote builds in B59138: Diff 268577!

delcypher requested changes to this revision.Jun 9 2020, 6:11 PM

delcypher added inline comments.

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
611	Do we really want to fatally fail here? All is needed is for `SIMULATOR_RUNTIME_VERSION` to be set inappropriately and then process won't even start. Perhaps return a boolean indicating success and we can decide in `GetMacosAlignedVersionInternal()` how handle failure.
619	Nice.
645	Kind of. There is a point in time during initialization where it becomes safe to call malloc but it is unsafe before then. IIRC it's safe to call malloc when `Symbolizer::LateInitialize()` is called or later.
compiler-rt/lib/sanitizer_common/tests/sanitizer_mac_test.cpp
37	We don't build the unit tests for the simulators IIRC so I'm sure this will actually be executed.

This revision now requires changes to proceed.Jun 9 2020, 6:11 PM

@delcypher: I explained my reasoning for preferring a fatal error here. Can we proceed?

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
611	Yes, I think we want a fatal error here. I think crashing on an ill-formatted env var is better than proceeding and going into a scenario that can give rise to very subtle bugs because the version checking off. Initially, I even thought about having a fatal error when we are in the simulator and the env var is not present at all (see comment below). I reckon you would argue agains that? I also believe that this scenario of: 1) running in simulator, 2) env var present, 3) but ill-formatted should really never happen. Do you anticipate this happening? Note: we still can get into a tricky situation, if the env var is well formatted, but lying. I don't think we can do anything about that.
compiler-rt/lib/sanitizer_common/tests/sanitizer_mac_test.cpp
37	That's right, this is here for expressing intent (and maybe we will run the unit tests in the simulator one day?). Any suggestions on how to better test this? I just did an additional manual test for `GetMacosAlignedVersion()` with a small HelloWorld plus a Printf int the runtime to print the parsed version.

yln marked 2 inline comments as done.Jun 10 2020, 9:52 AM

Rebase/compensate for recent version scheme change (macOS 11).

Harbormaster failed remote builds in B63816: Diff 277150!Jul 10 2020, 3:18 PM

Add UNREACHABLE case for macOS to GetDarwinKernelMajorFromOSMajor() to document that it is not supported.

Harbormaster failed remote builds in B63822: Diff 277160!Jul 10 2020, 4:40 PM

This revision was not accepted when it landed; it landed in state Needs Review.Jul 16 2020, 10:48 AM

Closed by commit rGb16dfbead21a: [Darwin] Fix OS version checks inside simulators (authored by yln). · Explain Why

This revision was automatically updated to reflect the committed changes.

delcypher added inline comments.Jul 16 2020, 11:03 AM

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
636	This function name and API is leaking the implementation detail that it only needs the major. Maybe just have it take a `DarwinKernelVersion` argument and rename it to something like `GetMacosVersionFromDarwinKernelVersion`? This change is optional.
compiler-rt/lib/sanitizer_common/tests/sanitizer_mac_test.cpp
37	Given that this won't execute I think this deserves a TODO(yln): rdar://problem/<number> Build sanitizer unit tests for the Darwin simulators.

I accidentally pushed this. Reverting and creating another revision for this.

Reverted in bd88991a011be895ba73fe07015df25e1e55992e.

yln marked 4 inline comments as done.Jul 16 2020, 12:05 PM

yln added inline comments.

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
636	The `kernel_major` for the two call sites come from different sources: `GetDarwinKernelVersion().major` `GetEnv("SIMULATOR_RUNTIME_VERSION")` (os major) -> `GetDarwinKernelMajorFromOSMajor()` While there is a predictable mapping from Darwin kernel major to os major, this is not the case for the minor component. So we can't create a DarwinKernelVersion in this case. This is also the reason why we can only really check for major OS versions (the macOS 10.x version scheme makes this a bit confusing). But we can check for <major>.<minor> kernel versions.
compiler-rt/lib/sanitizer_common/tests/sanitizer_mac_test.cpp
37	I added this in the new revision.

Diff 268570

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp

//===-- sanitizer_mac.cpp -------------------------------------------------===//		//===-- sanitizer_mac.cpp -------------------------------------------------===//
		Lint: Lint Inline Actions clang-format not found in user's PATH; not linting file. Lint: Lint: clang-format not found in user's PATH; not linting file.
//		//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.		// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.		// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception		// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
//		//
▲ Show 20 Lines • Show All 592 Lines • ▼ Show 20 Lines	HandleSignalMode GetHandleSignalMode(int signum) {
if ((SANITIZER_WATCHOS \|\| SANITIZER_TVOS) && !(SANITIZER_IOSSIM))		if ((SANITIZER_WATCHOS \|\| SANITIZER_TVOS) && !(SANITIZER_IOSSIM))
return kHandleSignalNo;		return kHandleSignalNo;
HandleSignalMode result = GetHandleSignalModeImpl(signum);		HandleSignalMode result = GetHandleSignalModeImpl(signum);
if (result == kHandleSignalYes && !common_flags()->allow_user_segv_handler)		if (result == kHandleSignalYes && !common_flags()->allow_user_segv_handler)
return kHandleSignalExclusive;		return kHandleSignalExclusive;
return result;		return result;
}		}

		void ParseVersion(const char vers, u16 major, u16 *minor) {
		// Format: <major>.<minor>[.<patch>]\0
		CHECK_GE(internal_strlen(vers), 3);
		delcypherUnsubmitted Done Reply Inline Actions Do we really want to fatally fail here? All is needed is for `SIMULATOR_RUNTIME_VERSION` to be set inappropriately and then process won't even start. Perhaps return a boolean indicating success and we can decide in `GetMacosAlignedVersionInternal()` how handle failure. delcypher: Do we really want to fatally fail here? All is needed is for `SIMULATOR_RUNTIME_VERSION` to be…
		ylnAuthorUnsubmitted Done Reply Inline Actions Yes, I think we want a fatal error here. I think crashing on an ill-formatted env var is better than proceeding and going into a scenario that can give rise to very subtle bugs because the version checking off. Initially, I even thought about having a fatal error when we are in the simulator and the env var is not present at all (see comment below). I reckon you would argue agains that? I also believe that this scenario of: 1) running in simulator, 2) env var present, 3) but ill-formatted should really never happen. Do you anticipate this happening? Note: we still can get into a tricky situation, if the env var is well formatted, but lying. I don't think we can do anything about that. yln: Yes, I think we want a fatal error here. I think crashing on an ill-formatted env var is better…
		const char *p = vers;
		major = internal_simple_strtoll(p, &p, /base=*/10);
		CHECK_EQ(*p, '.');
		p += 1;
		minor = internal_simple_strtoll(p, &p, /base=*/10);
		}

		constexpr u16 GetMacosVersionOffset() {
		delcypherUnsubmitted Done Reply Inline Actions I'm not a huge fan of macros. Given that we only need to do this stuff inside `GetMacosAlignedVersionInternal` can we just do this without them? delcypher: I'm not a huge fan of macros. Given that we only need to do this stuff inside…
		ylnAuthorUnsubmitted Done Reply Inline Actions Trying to avoid macros/#ifdefs. Using constexpr instead. yln: Trying to avoid macros/#ifdefs. Using constexpr instead.
		delcypherUnsubmitted Done Reply Inline Actions Nice. delcypher: Nice.
		if (SANITIZER_IOS \|\| SANITIZER_TVOS) return 2;
		if (SANITIZER_WATCHOS) return 9;
		return 0;
		}

static MacosVersion GetMacosAlignedVersionInternal() {		static MacosVersion GetMacosAlignedVersionInternal() {
		if (SANITIZER_IOSSIM) {
		if (auto vers = GetEnv("SIMULATOR_RUNTIME_VERSION")) {
		u16 major, minor;
		ParseVersion(vers, &major, &minor);
		return MacosVersion(10, major + GetMacosVersionOffset());
		}
		Report("WARNING: Running in simulator but SIMULATOR_RUNTIME_VERSION env "
		"var is not set.\n");
		ylnAuthorUnsubmitted Done Reply Inline Actions Print warning and fallback. Should we error out instead? yln: Print warning and fallback. Should we error out instead?
		}

u16 kernel_major = GetDarwinKernelVersion().major;		u16 kernel_major = GetDarwinKernelVersion().major;
		delcypherUnsubmitted Not Done Reply Inline Actions This function name and API is leaking the implementation detail that it only needs the major. Maybe just have it take a `DarwinKernelVersion` argument and rename it to something like `GetMacosVersionFromDarwinKernelVersion`? This change is optional. delcypher: This function name and API is leaking the implementation detail that it only needs the major.
		ylnAuthorUnsubmitted Done Reply Inline Actions The `kernel_major` for the two call sites come from different sources: `GetDarwinKernelVersion().major` `GetEnv("SIMULATOR_RUNTIME_VERSION")` (os major) -> `GetDarwinKernelMajorFromOSMajor()` While there is a predictable mapping from Darwin kernel major to os major, this is not the case for the minor component. So we can't create a DarwinKernelVersion in this case. This is also the reason why we can only really check for major OS versions (the macOS 10.x version scheme makes this a bit confusing). But we can check for <major>.<minor> kernel versions. yln: The `kernel_major` for the two call sites come from different sources: 1.
const u16 version_offset = 4;		u16 version_offset = 4;
CHECK_GE(kernel_major, version_offset);		CHECK_GE(kernel_major, version_offset);
u16 macos_major = kernel_major - version_offset;		return MacosVersion(10, kernel_major - version_offset);
return MacosVersion(10, macos_major);
}		}

static_assert(sizeof(MacosVersion) == sizeof(atomic_uint32_t::Type),		static_assert(sizeof(MacosVersion) == sizeof(atomic_uint32_t::Type),
"MacosVersion cache size");		"MacosVersion cache size");
static atomic_uint32_t cached_macos_version;		static atomic_uint32_t cached_macos_version;

		delcypherUnsubmitted Done Reply Inline Actions Calling this potentially unsafe. For the simulators this function appears to call `asprintf()` (which mallocs) and `free()` which means we can't use this function during ASan/TSan's init. This would mean we couldn't do version checks during init which sounds like something we'd want to do. Libxpc appears to implement this function by looking at `IPHONE_SIMULATOR_ROOT` in the environment and then reading a plist file rooted at that path. Reimplementing that sounds painful. Instead we could just try to parse the `SIMULATOR_RUNTIME_VERSION` environment variable if its set. delcypher: Calling this potentially unsafe. For the simulators this function appears to call `asprintf()`…
		ylnAuthorUnsubmitted Done Reply Inline Actions Just to make sure I understand: we are not allowed to call anything that allocates during initialization of the sanitizers? yln: Just to make sure I understand: we are not allowed to call anything that allocates during…
		delcypherUnsubmitted Done Reply Inline Actions Kind of. There is a point in time during initialization where it becomes safe to call malloc but it is unsafe before then. IIRC it's safe to call malloc when `Symbolizer::LateInitialize()` is called or later. delcypher: Kind of. There is a point in time during initialization where it becomes safe to call malloc…
MacosVersion GetMacosAlignedVersion() {		MacosVersion GetMacosAlignedVersion() {
atomic_uint32_t::Type result =		atomic_uint32_t::Type result =
atomic_load(&cached_macos_version, memory_order_acquire);		atomic_load(&cached_macos_version, memory_order_acquire);
if (!result) {		if (!result) {
MacosVersion version = GetMacosAlignedVersionInternal();		MacosVersion version = GetMacosAlignedVersionInternal();
result = reinterpret_cast<atomic_uint32_t::Type >(&version);		result = reinterpret_cast<atomic_uint32_t::Type >(&version);
atomic_store(&cached_macos_version, result, memory_order_release);		atomic_store(&cached_macos_version, result, memory_order_release);
}		}
return reinterpret_cast<MacosVersion >(&result);		return reinterpret_cast<MacosVersion >(&result);
}		}

void ParseVersion(const char vers, u16 major, u16 *minor) {
// Format: <major>.<minor>.<patch>\0
CHECK_GE(internal_strlen(vers), 5);
const char *p = vers;
major = internal_simple_strtoll(p, &p, /base=*/10);
CHECK_EQ(*p, '.');
p += 1;
minor = internal_simple_strtoll(p, &p, /base=*/10);
}

DarwinKernelVersion GetDarwinKernelVersion() {		DarwinKernelVersion GetDarwinKernelVersion() {
char buf[100];		char vers[100];
size_t len = sizeof(buf);		size_t len = sizeof(vers);
int res = internal_sysctlbyname("kern.osrelease", buf, &len, nullptr, 0);		int res = internal_sysctlbyname("kern.osrelease", vers, &len, nullptr, 0);
CHECK_EQ(res, 0);		CHECK_EQ(res, 0);

u16 major, minor;		u16 major, minor;
ParseVersion(buf, &major, &minor);		ParseVersion(vers, &major, &minor);

return DarwinKernelVersion(major, minor);		return DarwinKernelVersion(major, minor);
}		}

uptr GetRSS() {		uptr GetRSS() {
struct task_basic_info info;		struct task_basic_info info;
unsigned count = TASK_BASIC_INFO_COUNT;		unsigned count = TASK_BASIC_INFO_COUNT;
kern_return_t result =		kern_return_t result =
▲ Show 20 Lines • Show All 561 Lines • Show Last 20 Lines

compiler-rt/lib/sanitizer_common/tests/sanitizer_mac_test.cpp

	//===-- sanitizer_mac_test.cpp --------------------------------------------===//			//===-- sanitizer_mac_test.cpp --------------------------------------------===//
				Lint: Lint Inline Actions clang-format not found in user's PATH; not linting file. Lint: Lint: clang-format not found in user's PATH; not linting file.
	//			//
	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.			// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
	// See https://llvm.org/LICENSE.txt for license information.			// See https://llvm.org/LICENSE.txt for license information.
	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception			// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	//			//
	// Tests for sanitizer_mac.{h,cpp}			// Tests for sanitizer_mac.{h,cpp}
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include "sanitizer_common/sanitizer_platform.h"			#include "sanitizer_common/sanitizer_platform.h"
	#if SANITIZER_MAC			#if SANITIZER_MAC

	#include "sanitizer_common/sanitizer_mac.h"			#include "sanitizer_common/sanitizer_mac.h"

	#include "gtest/gtest.h"			#include "gtest/gtest.h"

	#include <sys/sysctl.h> // sysctlbyname			#include <sys/sysctl.h> // sysctlbyname
	#include <mach/kern_return.h> // KERN_SUCCESS			#include <mach/kern_return.h> // KERN_SUCCESS

	namespace __sanitizer {			namespace __sanitizer {

	TEST(SanitizerMac, GetMacosAlignedVersion) {
	MacosVersion vers = GetMacosAlignedVersion();
	EXPECT_EQ(vers.major, 10);
	EXPECT_EQ(vers.minor, GetDarwinKernelVersion().major - 4);
	}

	void ParseVersion(const char vers, u16 major, u16 *minor);			void ParseVersion(const char vers, u16 major, u16 *minor);

	TEST(SanitizerMac, ParseVersion) {			TEST(SanitizerMac, ParseVersion) {
	u16 major, minor;			u16 major, minor;

	ParseVersion("11.22.33", &major, &minor);			ParseVersion("11.22.33", &major, &minor);
	EXPECT_EQ(major, 11);			EXPECT_EQ(major, 11); EXPECT_EQ(minor, 22);
	EXPECT_EQ(minor, 22);
				ParseVersion("1.2", &major, &minor);
				EXPECT_EQ(major, 1); EXPECT_EQ(minor, 2);
				}

				#if SANITIZER_IOSSIM
				delcypherUnsubmitted Done Reply Inline Actions We don't build the unit tests for the simulators IIRC so I'm sure this will actually be executed. delcypher: We don't build the unit tests for the simulators IIRC so I'm sure this will actually be…
				delcypherUnsubmitted Not Done Reply Inline Actions Given that this won't execute I think this deserves a TODO(yln): rdar://problem/<number> Build sanitizer unit tests for the Darwin simulators. delcypher: Given that this won't execute I think this deserves a ``` TODO(yln): rdar://problem/<number>…
				ylnAuthorUnsubmitted Done Reply Inline Actions That's right, this is here for expressing intent (and maybe we will run the unit tests in the simulator one day?). Any suggestions on how to better test this? I just did an additional manual test for `GetMacosAlignedVersion()` with a small HelloWorld plus a Printf int the runtime to print the parsed version. yln: That's right, this is here for expressing intent (and maybe we will run the unit tests in the…
				ylnAuthorUnsubmitted Done Reply Inline Actions I added this in the new revision. yln: I added this in the new revision.
				TEST(SanitizerMac, GetMacosAlignedVersion) {
				if (SANITIZER_IOSSIM) {
				const char *vers;
				if (SANITIZER_IOS \|\| SANITIZER_TVOS) {
				vers = "13.0";
				} else if (SANITIZER_WATCHOS) {
				vers = "6.5"
				} else {
				FAIL() << "unsupported simulator runtime";
				}
				setenv("SIMULATOR_RUNTIME_VERSION", vers, /overwrite=/1);
				}

				MacosVersion vers = GetMacosAlignedVersion();
				EXPECT_EQ(vers.major, 10);
				EXPECT_EQ(vers.minor, 15);
				}
				#else
				TEST(SanitizerMac, GetMacosAlignedVersion) {
				MacosVersion vers = GetMacosAlignedVersion();
				EXPECT_EQ(vers.major, 10);
				EXPECT_EQ(vers.minor, GetDarwinKernelVersion().major - 4);
	}			}
				#endif

	TEST(SanitizerMac, GetDarwinKernelVersion) {			TEST(SanitizerMac, GetDarwinKernelVersion) {
	DarwinKernelVersion vers = GetDarwinKernelVersion();			DarwinKernelVersion vers = GetDarwinKernelVersion();
	std::ostringstream oss;			std::ostringstream oss;
	oss << vers.major << '.' << vers.minor;			oss << vers.major << '.' << vers.minor;
	std::string actual = oss.str();			std::string actual = oss.str();

	char buf[100];			char buf[100];
	Show All 12 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[Darwin] Fix OS version checks inside simulators
ClosedPublic

Details

Diff Detail

Unit TestsFailed

Event Timeline

Revision Contents

Diff 268570

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp

compiler-rt/lib/sanitizer_common/tests/sanitizer_mac_test.cpp

This is an archive of the discontinued LLVM Phabricator instance.

[Darwin] Fix OS version checks inside simulatorsClosedPublic

Details

Diff Detail

Unit TestsFailed

Event Timeline

Revision Contents

Diff 268570

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp

compiler-rt/lib/sanitizer_common/tests/sanitizer_mac_test.cpp

[Darwin] Fix OS version checks inside simulators
ClosedPublic